Category Archives: tech

Evaluating Posterous #review #webapp

Posted on by
Reply
I am trying out this post aggregator called Posterous. It allows you to use email for posting to many other sites where you post content, like Flickr, Facebook, Twitter, etc. It has a neat idea of specific email addresses like facebook@posterous.com for posting to facebook and likewise for others. You can even combine destinations, like facebook+twitter@posterous.com. For links to images, it inserts the image for you (I think), for videos, it embeds the video player in your posts(they say).

Pretty neat. The best think I like about their idea is the central place email has in all of this. I get really tired trying to add content to each of the sites by using their own client. I hate web-based forums, and prefer mailing lists. I am more of a 90s has-been with a hangover of text email (not even formatted email). So give me a system which works by email, and I am happy.

But then, I use Gmail, and today for the first time, I am using the formatting buttons in Gmail, to intentionally sending an HTML formatted email to see if posterous gets it. I am sending this to my regular self-hosted wordpress blog.

I frequently post code snippets. So the following should work.

import dbus
bus = dbus.SystemBus()

Unfortunately, Gmail forces me to use a certain font (Courier New) to format my code. So I have no idea how the above would look to a person without this font on their system. I don't use colored text, but I am guessing many people would like that as well.

I use blockquotes frequently. They have to work!

Be kind whenever possible. It is always possible

– Dalai Lama

Of course, if you are using some special wordpress plugins for editing, you are out of luck here. All you have is the formatting, and drafting feature that your email client gives you. But then, you will like this service only if you are a person who is more at home with what your email client gives you and no more.

I have read some fishy stuff that posterous has done in the past, like adding affiliate links to your posts without informing users. I hope they are more transparent about it now. But what makes me most uncomfortable is the possibility of lock-in. But if you use posterous to put content in your existing providers like facebook/twitter, etc. you are already surrendering data to other providers, or at the very least, they are your backup. The issue only arises when you post only at Posterous web interface, and don't channel the content elsewhere.

Update: Ok. It seems Posterous mostly gets it. The formatting came out fine. I still have to edit the post to set the Category. I screwed up the tags by using twitter tags instead of the way they have documented it.

An it still seems to me that if I need to edit my post, I would probably need to edit it twice. Once here in wordpress, and once in my posterous website. Did I tell you how some bits of this service is quite similar to Tumblr? ;) The email part makes it stand apart though.

Restart/Shutdown your Linux machine using dbus

Posted on by
Reply

Ok. This is fairly trivial stuff for many of you, but what I found interesting is that the SystemBus lets you shutdown/restart/suspend/hibernate as an ordinary user. Of course, if you think of a desktop, that is a pretty basic expectation of what an ordinary end-user should be able to do.

But when I think about a server, the thought that people can bypass a sudo while doing a shutdown makes me uneasy. Of course then, dbus shouldn’t be running on a server. Or anything which needs dbus. That means NetworkManager, for one. Of course, servers don’t run NetworkManager. Silly me.

In any case, I got the idea from this post by Timo on python-tutor:

import dbus
bus = dbus.SystemBus()
bus_object = bus.get_object("org.freedesktop.Hal", "/org/freedesktop/Hal/devices/computer")
bus_object.Shutdown(dbus_interface="org.freedesktop.Hal.Device.SystemPowerManagement")

Of course, I didn’t want to shutdown my netbook while trying out the code. So I tried replacing Shutdown with Suspend. That gave me some fairly confusing error message about some parameters being incorrect. Enough guessing. I decided to RTFM. So I found this ubuntu wiki page.

So I corrected the code above to be instead:
bus_object.Suspend(0, dbus_interface="org.freedesktop.Hal.Device.SystemPowerManagement")

And it indeed put my netbook to sleep.

You don’t need to code in Python to do this. The wiki above gives you the one line command to do this from the console.

$ dbus-send --system --print-reply --dest="org.freedesktop.Hal" /org/freedesktop/Hal/devices/computer org.freedesktop.Hal.Device.SystemPowerManagement.Suspend int32:0

The constant conflict between the Maker’s Schedule and Manager’s Schedule

Posted on by
Reply

This is something that has bothered me always for the past several years, especially in the period when I was working on my own. Paul Graham has managed to put this so eloquently into words:


There are two types of schedule, which I’ll call the manager’s schedule and the maker’s schedule.

The manager’s schedule is for bosses. Its embodied in the traditional appointment book, with each day cut into one hour intervals. You can block off several hours for a single task if you need to, but by default you change what you are doing every hour.When you use time that way, its merely a practical problem to meet with someone. Find an open slot in your schedule, book them, and you are done. Most powerful people are on the managers schedule. Its the schedule of command.

But there is another way of using time thats common among people who make things, like programmers and writers. They generally prefer to use time in units of half a day at least. You can’t write or program well in units of an hour. That’s barely enough time to get started. When youre operating on the makers schedule, meetings are a disaster.

Quick local DNS caching for your workstation in Ubuntu

Posted on by
3

The latest Ubuntu releases makes it real easy to set up a local DNS cache for your workstation using dnscache from the well-known djbdns software by D. J. Bernstein.

For those who have historically installed djbdns/ucspi-tcp/daemontools from source because of distribution restrictions, things changed really for the better after DJB placed all these software in the public domain in 2007. You can now setup all this in about one minute! (depending on your Internet connection though. :-P )

To setup a local dns cache in Ubuntu (specifically, 10.04 Lucid Lynx on which I tried this), right now you need to do:

  1. Install the necessary packages:

    sudo apt-get install daemontools daemontools-run djbdns dnscache-run ucspi-tcp

    This installs all the necessary packages using Debian’s filesystem layout (not DJB’s). So all services are symlinked in /etc/service (and not in /service). dnscache files are supposed to be accessed in /etc/dnscache, and are already configured to use the root servers.
  2. Start daemontools: The daemontools scripts (actually just svscan) are setup in Ubuntu to be run using upstart and not /etc/inittab. So all you need to do now is run:
    sudo start svscan.
  3. Making the computer use the local cache permanently. The install scripts actually replace your dns servers in /etc/resolv.conf with the loopback address on which dnscache runs. So you would have already started using the dns cache already. However, if you are using DHCP with Network Manager, these changes will be overwritten the next time NetworkManager modifies resolv.conf, e.g. when the lease is renewed or you plug-in a DHCP interface again. To make this permanent, edit /etc/dhcp3/dhclient.conf, and uncomment/add a line saying prepend domain-name-servers 127.0.0.1;. Disconnect and connect to your DHCP interface again, and see the loopback address (127.0.0.1) being added at the top of the name servers in /etc/resolv.conf .
    That is it.

As usual, here are the other commands that you would be doing to manage dnscache. Read the docs for more details.

  • View dnscache logs:
    tail -F /etc/dnscache/log/main/current | tai64nlocal
  • Start dnscache: svc -u /etc/service/dnscache
  • Stop dnscache: svc -d /etc/service/dnscache
  • Restart dnscache: svc -t /etc/service/dnscache
  • Edit root servers: Edit /etc/dnscache/root/servers/@

The magical moment that made me a FOSS guy forever

Posted on by
1

11 years back, I was just yet another guy out of college with a background of Turbo C/C++ and Pascal as most other batchmates of mine. My software career could have gone anywhere. PC Quest Linux was just a toy with which I was playing with but wasn’t too much attached to yet.

A stroke of good luck helped me get an opportunity to work with one of my close school friends – Inder, who introduced me to PHP 3. I hadn’t heard of it, but he assured me that it is going to catch up, and is great for making web sites. So I struggled through Apache and PHP 3 with the smattering of documentation available at the time.

One day, frustrated with my inability to set PHP up, I shot off a mail to the PHP 3 mailing list of the time, hoping I get some direction to see what I am doing wrong. To my utter disbelief, Rasmus Lerdorf himself replied to my question and gave me a step by step solution to my problem. And I was hooked to the Open Source community forever.

I finally managed to track down the reply by Rasmus to my newbie query 11 years back. I was blown away by the commitment of the Open Source leaders, and kept wondering “The guy codes all this and even then spends such quality time helping people out selflessly, no matter that others are making money out of his software!”.

To a person just out of college in India who haven’t ever interacted with the community before, the personal dedication of FOSS (free & open source software) leaders like the founder of PHP himself was a revelation. Today it is taken for granted, I feel.

I never found the same level of involvement among the closed source community, the last time I looked at it, and yes, at that time, Java included.

Quick tip: Merging photos from two different cameras

Posted on by
1

This time when we went to Pondicherry on the year end, we took two cameras – I took my Rebel XTi and my wife the LX3. While uploading our photos to Flickr, we had a problem. We wanted to merge our photo sets, but because of the different photo naming conventions of the two cameras, the photos won’t be sorted according to time taken. The solution, as I found out after a bit of digging and trying out different exif tools, was simple enough. Install jhead and run:

jhead -n%Y%m%d-%H%M%S -ft *.JPG

This would rename all the photos dumped in the current directory using the YYYYMMDD-HHMMSS format. And even if some app you have doesn’t sort by the file name, this command would change the modification time of all the photos to the time the photo was taken.

And yes, it is a good idea of using this time format and not the default MMDD-HHSS format, else trips on the year end (like ours, this time) would get messed up while sorting.

Adding new CA certificates in Ubuntu (Jaunty)

Posted on by
2

A quick tip. I couldn’t find this from a quick search when I really needed it.

The problem – command line programs like fetchmail use the system wide openssl CA certificates to verify the authenticity of the server certificates they are provided when they connect to an SSL server like POP3 or IMAP.

Sometimes, you will have providers like Dreamhost, who will get smart and ditch the atrocious certificate issuing set up we have right now, and give you a self-signed certificate to verify their servers.

So fetchmail will, for example, belch out this error message every time they connect to Dreamhost’s mail servers:


$ fetchmail -v --nosyslog
fetchmail: 6.3.9-rc2 querying homie.mail.dreamhost.com (protocol POP3) at Saturday 08 August 2009 02:12:28 AM IST: poll started
Trying to connect to 208.97.132.208/995...connected.
fetchmail: Issuer Organization: New Dream Network, LLC
fetchmail: Issuer CommonName: New Dream Network Certificate Authority
fetchmail: Server CommonName: *.mail.dreamhost.com
fetchmail: homie.mail.dreamhost.com key fingerprint: 17:F7:F2:FF:4A:9D:C3:D3:2B:8A:E9:12:47:C4:A4:28
fetchmail: Server certificate verification error: unable to get local issuer certificate
fetchmail: Server certificate verification error: certificate not trusted
fetchmail: Server certificate verification error: unable to verify the first certificate

While you can mostly ignore this (Dreamhost itself says they don’t care much about the “chain of trust” – all they care about is the encryption), you might want to be a little more careful and use the “sslcertck” keyword while connecting to your mail servers. This keyword will force fetchmail to only attempt fetching the mail if the issuer of the server certificate strictly matches a CA in your local CA certificates.

Note that this strict certificate check is going to be the default setting in fetchmail any day now. So you might want to pay more attention to these fetchmail warnings right now before they bite you later.

Dreamhost provides the CA certificate which issues their server SSL certificates here.

Installing this in Ubuntu was pretty simple once you know the program involved. So while this example is about Dreamhost, you can similarly install any CA certificates (even your own).

Steps are:

  1. Create a directory for the issuer under /usr/share/ca-certificates/.
    mkdir /usr/share/ca-certificates/dreamhost
  2. Copy the CA certificate file into this directory. Use this directory to consolidate all the CA certificates of the common entity.
    sudo cp ~/ndn.ca.crt /usr/share/ca-certificates/dreamhost
  3. Update the CA certificate hash symlinks used by openssl. This will open a text dialog asking you to confirm the CA certificates to be marked as trusted. Out of the box, a typical modern Linux distro would have a long list of certificates which would already be marked as trusted. You have to search for the authority you just copied (it would be unmarked), mark it and select OK.
    sudo dpkg-reconfigure ca-certificates

That is it! Next time your run fetchmail, the CA warnings should have gone.

Note that GUI programs like Firefox and Thunderbird have their own CA storages and therefore their own process of adding CA certificates. Modern versions of these programs make it pretty easy to add them using a just a few clicks. This post was about installing them for mostly CLI based programs like fetchmail.

Another note, it seems that on Ubuntu, Postfix needs the config parameters smtp_tls_CApath and smtpd_tls_CApath to be set to /etc/ssl/certs to verify server and client certificates respectively.

Using the official Flickr uploadr on Ubuntu

Posted on by
16

I normally use jUploader for uploading photos to Flickr from my Ubuntu Jaunty box. However, since I got the amazing Panasonic DMC-LX3 compact camera, I have been uploading HD videos too to Flickr. Now none of the FOSS tools that I know of support video right now. Since I insist on uploading photos in the order that I have taken them, it makes my photo upload workflow really messy – upload a few photos from jUploader, go to flickr.com and upload the video in the sequence, go back to jUploader for the next few photos, back to flickr.com for the videos, and so on. Disgusting, but I don’t know anything better, and if you do, please tell me.

So I decided to do the next best thing – I have started using the latest official Flickr Uploadr for Windows in Ubuntu using Wine. No, it doesn’t work out of the box. It just takes an additional step.

  1. Install wine. (apt-get install wine)
  2. Download winetricks from http://wiki.winehq.org/winetricks. This is a small script which automates installation of common wine program dependencies.
  3. Install MS Visual C++ 2005 libraries. (sh winetricks vcrun2005). Some messages which look like errors come on screen. Ignore these.
  4. Download Flickr Uploadr Windows executable from http://www.flickr.com/tools/uploadr/.
  5. Install it! (wine FlickrUploadr-3.2.1-2009.06.02.01-en.exe)

That is it! Find Flickr Uploadr installed in your menu at Applications->Wine->Programs.

Akamai awesomeness and Opendns lameness

Posted on by
5

Akamai footprint awesomeness.

My IP address.

sandipb@pluto:~$ wget -O - -q http://www.whatismyip.com/automation/n09230945.asp;echo
122.167.0.79
sandipb@pluto:~$ host 122.167.0.79
79.0.167.122.in-addr.arpa domain name pointer ABTS-KK-Dynamic-079.0.167.122.airtelbroadband.in.

Akamai CDN for downloading Adobe AIR.

sandipb@pluto:~$ host airdownload.adobe.com
airdownload.adobe.com is an alias for airdownload.wip3.adobe.com.
airdownload.wip3.adobe.com is an alias for airdownload.adobe.com.edgesuite.net.
airdownload.adobe.com.edgesuite.net is an alias for a1396.g.akamai.net.
a1396.g.akamai.net has address 203.101.62.10
a1396.g.akamai.net has address 203.101.62.11
sandipb@pluto:~$ host 203.101.62.10
10.62.101.203.in-addr.arpa domain name pointer dsl-KK-static-010.62.101.203.airtelbroadband.in.

I am downloading from a server co-located at my ISP. Industry standard in US, but I feel really great for this to be happening in India. :)

Imagine. Download server in India, three hops, 25 ms away!

sandipb@pluto:~$ mtr -i 10 203.101.62.10
My traceroute [v0.73]
pluto (0.0.0.0) Thu Apr 23 01:41:38 2009
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. 192.168.1.1 0.0% 1 1.1 1.1 1.1 1.1 0.0
2. ABTS-KK-Dynamic-001.0.167.122.airtelbroadband.in 0.0% 1 25.4 25.4 25.4 25.4 0.0
3. ABTS-KK-Static-173.32.166.122.airtelbroadband.in 0.0% 1 24.9 24.9 24.9 24.9 0.0
4. ABTS-KK-static-008.32.144.59.airtelbroadband.in 0.0% 1 39.0 39.0 39.0 39.0 0.0
5. dsl-KK-static-010.62.101.203.airtelbroadband.in 0.0% 1 25.0 25.0 25.0 25.0 0.0

    Lesson learnt: OpenDNS hurts all this goodness

Thank goodness, I moved off opendns today. This is what opendns was giving me all this past year that I was using it.

sandipb@pluto:~$ dig @208.67.222.222 airdownload.adobe.com
...
;; ANSWER SECTION:
airdownload.adobe.com. 85521 IN CNAME airdownload.wip3.adobe.com.
airdownload.wip3.adobe.com. 218 IN CNAME airdownload.adobe.com.edgesuite.net.
airdownload.adobe.com.edgesuite.net. 20721 IN CNAME a1396.g.akamai.net.
a1396.g.akamai.net. 20 IN A 204.2.160.24
a1396.g.akamai.net. 20 IN A 204.2.160.34



sandipb@pluto:~$ host 204.2.160.24
24.160.2.204.in-addr.arpa domain name pointer a204-2-160-24.deploy.akamaitechnologies.com.
sandipb@pluto:~$ ping -c 1 204.2.160.24
PING 204.2.160.24 (204.2.160.24) 56(84) bytes of data.
64 bytes from 204.2.160.24: icmp_seq=1 ttl=54 time=259 ms

A download server 260ms and 11 hops away in US.

Using opendns is breaking anything which uses CDN. Now I have used opendns for a while and it is nice at its work. But believe me, we spend more time downloading videos and text than querying DNS, and if you have a DNS cache at home (like djbdns) or even your ISP’s DNS, it works a lot as well.